[Libreoffice-commits] core.git: sc/source
ᚉᚐᚑᚂᚐᚅ McNamara
caolanm at redhat.com
Tue Oct 28 09:05:19 PDT 2014
sc/source/filter/excel/xltoolbar.cxx | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
New commits:
commit 5356d06f5c3cae96c15c4da49ab31c760509d6d7
Author: ᚉᚐᚑᚂᚐᚅ McNamara <caolanm at redhat.com>
Date: Tue Oct 28 15:59:42 2014 +0000
coverity#1242796 Untrusted loop bound
and throw ogham at the bugzilla bot for kicks
Change-Id: I50cdf676e59e4e966f999218837dabfdd2008b6e
diff --git a/sc/source/filter/excel/xltoolbar.cxx b/sc/source/filter/excel/xltoolbar.cxx
index 0121b21..f85f455 100644
--- a/sc/source/filter/excel/xltoolbar.cxx
+++ b/sc/source/filter/excel/xltoolbar.cxx
@@ -356,8 +356,16 @@ ScCTBWrapper::Read( SvStream &rS)
{
OSL_TRACE("ScCTBWrapper::Read() stream pos 0x%x", rS.Tell() );
nOffSet = rS.Tell();
- if ( !ctbSet.Read( rS ) )
+ if (!ctbSet.Read(rS))
return false;
+
+ //ScCTB is 1 TB which is min 15bytes, nViews TBVisualData which is min 20bytes
+ //and one 32bit number (4 bytes)
+ const size_t nMinRecordSize = 39;
+ const size_t nMaxPossibleRecords = rS.remainingSize()/nMinRecordSize;
+ if (ctbSet.ctb > nMaxPossibleRecords)
+ return false;
+
for ( sal_uInt16 index = 0; index < ctbSet.ctb; ++index )
{
ScCTB aCTB( ctbSet.ctbViews );
More information about the Libreoffice-commits
mailing list